Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix safari10 initialization error #232

Merged
merged 8 commits into from
Oct 10, 2019
Merged

Fix safari10 initialization error #232

merged 8 commits into from
Oct 10, 2019

Conversation

luisrudge
Copy link
Contributor

Description

Safari 10 uses crypto.webkitSubtle instead of crypto.subtle. This PR normalizes this behavior.

References

ESD-2220

Testing

  • This change adds test coverage for new/changed/fixed functionality

@luisrudge luisrudge added the small label Oct 2, 2019
@luisrudge luisrudge requested a review from a team October 2, 2019 21:22
damieng
damieng reviewed Oct 2, 2019
View reviewed changes
src/index.ts Outdated Show resolved Hide resolved
damieng
damieng suggested changes Oct 2, 2019
View reviewed changes
Copy link
Contributor

@damieng damieng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should only use webkitSubtle when subtle is not available. Not prefer webkitSubtle over subtle. Guidance from https://webkit.org/blog/7790/update-on-web-cryptography/

@luisrudge luisrudge requested a review from damieng October 9, 2019 17:28
@luisrudge
Copy link
Contributor Author

@damieng updated 🎉 thanks for the reference

damieng
damieng reviewed Oct 9, 2019
View reviewed changes
src/index.ts Outdated
@@ -20,10 +21,14 @@ export default async function createAuth0Client(options: Auth0ClientOptions) {
'For security reasons, `window.crypto` is required to run `auth0-spa-js`.'
);
}
// safari 10 compat
if (!window.crypto.subtle && (<any>window.crypto).webkitSubtle) {
(<any>window.crypto).subtle = (<any>window.crypto).webkitSubtle;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No non-Auth0 code can be running in the Window while we're doing this right?

Trying to decide if replacing a global is safe in this context or whether we should be creating our own variable to use instead to avoid non-Auth0 code getting confused.

@luisrudge luisrudge merged commit 12cdc9b into master Oct 10, 2019
@snyk-bot snyk-bot mentioned this pull request Oct 23, 2019
Closed
@snyk-bot snyk-bot mentioned this pull request Oct 27, 2019
Merged
@stevehobbsdev stevehobbsdev deleted the fix/safari10 branch December 17, 2019 22:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@damieng damieng damieng approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@luisrudge @damieng @joshcanhelp